Brian, I would like to start from your security considerations document. Do you have a documented threat model (attackers, attacks, propabilities) motivating the choosen counter-measures?
regards, Torsten. Am 05.08.2010 um 02:09 schrieb Brian Eaton <bea...@google.com>: > On Wed, Aug 4, 2010 at 10:04 AM, Torsten Lodderstedt > <tors...@lodderstedt.net> wrote: >>> So far no one has offered to work on the security consideration section >>> (Brian's draft is too far from the format I need to incorporate). >>> >> >> I could work on this topic, if Brian does not insist to do so. >> @Brian: What do you think? > > Go for it. > >> From my point of view, the security considerations could be worked out on a >> per flow/profile base by multiple contributers (anyone interested?). At >> least we should agree on a common set of threat agents and a template. > > Yeah, the security considerations are different for different profiles. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth